feat: add vulnerabilities by package #81
Conversation
|
@gildub I don't have a specific single CVE I can provide to you. Could you please try starting the "CSAF Importer" and let it run for some minutes, it should allow you to see data there |
|
@gildub Thanks for testing it. I have reported the issue you found at trustification/trustify#466 |
|
I believe this is a great opportunity to narrow down unexpected error cases. Also if that's blocking you we could it in a follow-up PR, meanwhile I'll be tempted not to procrastinate and deal with it right now, but that's up to you and your priorities. I think we can display a more detailed error message with the content of the error message which is returned by the query. Actually thinking out loud it raise the question maybe using notifications for that (in which case it'll be in separated PRs...). What do you think ? |
|
@gildub on one hand I do not like the current error message, it does not follow the standard error template. So let me change the following error with a different look and feel. But give me some time please, I am busy with other tasks.
On the other hand I do not think printing the error from the backend is a good idea. The backend error is: {
"error": "Database error",
"message": "Query Error: error returned from database: invalid input syntax for type numeric: \"sha256:f579ee538e6f4bfa4d9c20bf2680d7fc3ec7a757a40637a743b7962187b4d6a1\""
}
|
|
@carlosthe19916, a non admin user is more likely to be satisfied with the error type which is "500 - Internal Error" As we already have notification framework in place at the application level, shouldn't wee should rely on it to display an empty component and add an error notification ? |
👍
👍 |
|
logs ? |
|
@gildub I have updated the code so we reuse the current error component. This is how it should look like now:
Going back to my original question: could you point me to a real RH UI app where the UI takes "any" error response from the backend and just renders it in the UI? A screenshot of that RH UI/Patternfly product would be helpful. Otherwise we are asking something abstract and I will need to ask you to create a mockup for me. I am asking so we don't make assumptions about how to please both "common users" + "sysadmin/devops/developers"
If you see the screenshot I pasted above you will see that an error is rendered already in the main central part of the page, I don't see why we would need to render an error in the central part and also as a notification (that would be double error text) |
|
There are plenty of special cases of back-end error that are "trapped" and exposed to the end user whether using the original error message of the back-end or using a more user friendly version of it. For me an error message is an opportunity to handle edge cases.
Let's take that discussion separately outside of this PR. |
|
I agree with you when it comes to "having a concrete strategy for error rendering". I have just created this issue to track it #85 |
|
I consider important to share that "rendering backend errors in the UI" were already proven to be a bad idea in Trustification (So I am talking about a real failure in that attempt) The PR trustification/trustification#1221 and Ticket https://issues.redhat.com/browse/TC-1091 were created to remove the backend error messages from the UI as they rather than helping just confuse users (we have to remember the app is not made for us/engineers but for normal people like PM and others) The image below is an example of errors of the backend being rendered in the UI. The text contains explicit mention to internal components and even queries. PM explicitly requested to replace it with generic error messages as that level of error message does not benefit users and it has a negative impact
|
|
@carlosthe19916, Thanks for creating #85 to follow-up. |
nice move! @carlosthe19916 |
Fix trustification/trustify#461 and trustification/trustify#412 partially